baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability to indirect prompt injection because it processes untrusted user data (text articles) and incorporates it into prompts for a downstream image generation tool.
- Ingestion points: User-provided content is read from file paths or direct input in SKILL.md (Step 1).
- Boundary markers: The references/workflows/prompt-assembly.md template lacks robust delimiters or "ignore embedded instructions" warnings to isolate user data from system instructions.
- Capability inventory: The skill has the capability to trigger image generation via external tools based on the processed content (Step 5).
- Sanitization: There is no evidence of sanitization, escaping, or validation of the input content before it is used in the prompt assembly process.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (test -f) to check for the existence of its configuration file (EXTEND.md) in both the project directory and the user's home directory.
- [COMMAND_EXECUTION]: In references/workflows/prompt-assembly.md, the skill describes executing a local script using npx -y bun to handle the final image generation process.
Audit Metadata